Machine became infected with DriverScanner malware, now I cannot run exe files and all file associations seem to have been removed.
Here is my OTL log: Would be grateful if you could help.
OTL logfile created on: 4/11/2013 8:20:29 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 83.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 84.42 Gb Free Space | 56.64% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (Yontoo Desktop Updater)
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2013/04/09 22:38:40 | 000,107,520 | ---- | M] () [Auto] -- C:\Documents and Settings\Sarah\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/03/13 16:58:18 | 000,080,224 | ---- | M] (SafeApp Software, LLC) [Auto] -- C:\Program Files\Disk Cleaner\DiskCleanerService.exe -- (Disk Cleaner Service)
SRV - [2013/03/08 00:50:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/11/29 03:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Mal_warebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/04/13 15:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 15:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 15:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 15:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/12/06 20:25:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/07 18:22:10 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2007/10/07 18:22:10 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2007/10/07 18:21:50 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2007/03/22 19:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007/01/18 20:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/07/14 12:43:26 | 000,534,040 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2006/05/11 12:40:06 | 000,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto] -- C:\WINDOWS\System32\sfrem02.exe -- (sfrem02) FrontLine Drivers Auto Removal (v2)
SRV - [2002/10/18 15:04:10 | 000,101,136 | ---- | M] () [On_Demand] -- C:\ora60\BIN\ONRSD80.EXE -- (OracleClientCache80)
SRV - [2002/04/30 00:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) [Auto] -- C:\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2002/04/26 04:34:38 | 000,242,328 | ---- | M] () [On_Demand] -- C:\ora92\bin\ONRSD.EXE -- (OracleORA92ClientCache)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (svahgwnj)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/11/29 03:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/06/17 01:49:22 | 004,756,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 10:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/21 07:34:38 | 000,097,216 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/10/07 18:22:48 | 000,924,976 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2007/10/07 18:22:48 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2007/10/07 18:22:46 | 000,025,008 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2007/10/07 18:22:46 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2007/10/07 18:22:16 | 000,015,920 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2007/10/07 17:31:30 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2007/10/07 17:31:30 | 000,016,816 | R--- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2007/10/07 17:31:28 | 000,030,768 | R--- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2007/06/28 20:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/03/22 19:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006/12/13 02:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/11/23 00:03:48 | 000,081,152 | ---- | M] (Cmotech Co., Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmusbnet.sys -- (cmusbnet) WAN Driver @ 3GPP (6280)
DRV - [2006/10/15 09:58:36 | 000,472,832 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2006/09/11 07:57:56 | 000,067,960 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv02.sys -- (sfdrv02) FrontLine Environment Driver (v2)
DRV - [2006/07/28 20:20:28 | 000,043,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/06/14 13:12:13 | 000,078,184 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/06/05 07:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/04/04 17:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/12/10 20:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/03/09 17:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3)
DRV - [2004/08/03 20:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 20:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 20:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 20:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 20:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 20:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 20:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 20:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 20:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 20:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 20:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 20:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 20:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 20:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 20:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\Sarah_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\Sarah_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sarah_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{965E66B8-F358-46FE-9EE6-AFAE932B568D}: C:\Documents and Settings\Sarah\Local Settings\Application Data\{965E66B8-F358-46FE-9EE6-AFAE932B568D} [2010/03/26 05:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 00:50:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/08 00:50:19 | 000,000,000 | ---D | M]
[2013/03/08 00:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 00:50:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/22 23:59:43 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/20 08:44:54 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2007/02/11 18:29:34 | 000,000,775 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 192.168.0.10 wport
O1 - Hosts: 192.168.0.7 wport5
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Sarah\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Sarah_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG DWL-G520] C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Mal_warebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SDMSSplash] C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\Sarah_ON_C..\Run: [Disk Cleaner] C:\Program Files\Disk Cleaner\DiskCleaner.Exe (SafeApp Software, LLC)
O4 - HKU\Sarah_ON_C..\Run: [Yontoo Desktop] C:\Documents and Settings\Sarah\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Telstra Turbo Modem Manager.lnk = C:\Program Files\Telstra\Telstra Turbo Modem Manager\Service\MdmMgr.exe (TODO: <Company name>)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sarah_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\dcsws2.dll (DiamondCS)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\dcsws2.dll (DiamondCS)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\dcsws2.dll (DiamondCS)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.11
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - File not found
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/12 01:53:00 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2013/04/11 04:35:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/04/11 04:34:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/04/11 04:34:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/04/11 04:34:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/04/11 04:34:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/04/11 04:34:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/04/11 04:34:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/04/11 04:34:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/04/11 04:34:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/04/11 04:34:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/04/11 04:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/04/11 04:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/04/11 04:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/04/11 04:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2013/04/11 04:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2013/04/09 22:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2013/04/09 22:43:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/04/09 22:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2013/04/09 22:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2013/04/09 22:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uninstall Helper
[2013/04/09 22:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
[2013/04/09 22:42:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\IETldCache
[2013/04/09 22:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/04/09 22:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Application Data\Yontoo
[2013/04/09 22:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disk Cleaner
[2013/04/09 22:39:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/04/09 22:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2013/04/09 22:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/04/09 22:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Application Data\Uniblue
[2013/04/09 22:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Cleaner
[2013/04/09 22:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Application Data\DefaultTab
[2013/04/09 22:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/04/09 22:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/03/20 16:16:38 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/20 16:16:38 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/13 16:58:10 | 000,389,120 | ---- | C] (SafeApp Software, LLC) -- C:\WINDOWS\System32\DiskCleanerLM.ocx
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/04/11 05:05:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/11 04:38:53 | 000,579,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/11 04:38:53 | 000,115,566 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/11 04:35:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/11 04:34:56 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/04/11 04:33:08 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2013/04/11 04:33:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\dsmonitor.job
[2013/04/10 18:59:41 | 000,329,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 18:54:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 18:39:03 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/04/10 18:28:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-168272666-3280425979-916354177-1011UA.job
[2013/04/10 06:28:05 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-168272666-3280425979-916354177-1011Core.job
[2013/04/09 22:43:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/09 22:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uninstall Helper
[2013/04/09 22:40:49 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Disk Cleaner.lnk
[2013/04/09 22:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disk Cleaner
[2013/04/09 22:39:53 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2013/04/09 22:39:52 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/04/09 22:39:50 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Sarah\ntuser.pol
[2013/04/09 22:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2013/04/06 07:05:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/05 05:06:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Microsoft Office Word 2003.lnk
[2013/03/28 10:29:17 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/28 10:29:17 | 000,002,290 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Google Chrome.lnk
[2013/03/13 16:58:10 | 000,389,120 | ---- | M] (SafeApp Software, LLC) -- C:\WINDOWS\System32\DiskCleanerLM.ocx
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/04/11 04:34:56 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/04/11 04:34:47 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/04/11 04:34:47 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/11 04:34:47 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2013/04/11 04:34:47 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2013/04/11 04:34:47 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2013/04/11 04:34:47 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/04/09 22:46:16 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2013/04/09 22:43:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/09 22:41:24 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\dsmonitor.job
[2013/04/09 22:40:49 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Disk Cleaner.lnk
[2013/04/09 22:39:53 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2013/04/09 22:39:52 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/04/09 22:39:50 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Sarah\ntuser.pol
[2012/10/06 02:45:38 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F30135828D.sys
[2012/10/06 02:42:59 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/08/14 05:04:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\fusioncache.dat
[2012/08/14 04:59:20 | 000,109,823 | ---- | C] () -- C:\WINDOWS\hppins02.dat.temp
[2012/08/14 04:59:20 | 000,001,883 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat.temp
[2012/06/25 03:54:24 | 000,128,756 | ---- | C] () -- C:\WINDOWS\hppins02.dat
[2012/06/25 03:54:24 | 000,001,883 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat
[2012/06/25 03:54:09 | 000,000,392 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2012/06/25 03:53:48 | 000,001,189 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2012/06/25 03:51:40 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DLL
[2012/06/25 03:51:40 | 000,000,630 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DAT
[2012/02/16 03:24:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/08 03:33:30 | 000,001,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2010/10/12 22:31:07 | 000,001,648 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010/05/23 10:06:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/04/14 13:02:59 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/26 05:40:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ulecoqafaripe.dat
[2010/03/26 05:40:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jqemakizaxi.bin
[2010/03/26 05:36:25 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\jasltw.dat
[2009/11/10 00:02:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/11 05:51:11 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2009/06/07 01:36:40 | 000,093,310 | ---- | C] () -- C:\WINDOWS\News Rover Uninstaller.exe
[2009/05/29 23:42:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2009/03/24 02:36:32 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 20:01:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2008/11/01 22:44:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/02/14 18:15:48 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/02/14 18:15:47 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/02/14 18:15:30 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2008/02/14 18:15:29 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/02/14 18:15:29 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/02/14 18:15:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/11/29 18:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/11/28 17:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/26 17:37:58 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/11/08 17:09:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/11/06 23:29:21 | 000,000,702 | ---- | C] () -- C:\WINDOWS\NewsRover.INI
[2007/06/28 20:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/05/01 03:01:46 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2007/05/01 03:01:46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2007/02/12 19:20:25 | 000,000,311 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/02/08 01:56:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\voicestub.dll
[2007/02/05 18:49:45 | 000,000,229 | ---- | C] () -- C:\WINDOWS\SoxModem.INI
[2007/02/05 18:49:37 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\SoxMan.dll
[2007/02/01 19:31:05 | 000,001,204 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2007/02/01 19:28:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2007/01/04 00:43:07 | 000,000,480 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/03 23:34:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/03 23:30:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/01/03 23:19:35 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/01/03 23:19:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/01/03 23:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/01/03 23:16:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/01/03 23:16:19 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/01/03 23:16:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/01/03 23:16:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/01/03 23:09:10 | 000,000,720 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/12/13 22:09:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2006/07/02 19:59:57 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2006/05/16 09:54:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 20:43:56 | 000,579,190 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 20:43:56 | 000,115,566 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 20:39:48 | 000,329,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 20:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 20:27:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/11/29 20:28:45 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT2X.DLL
[2003/01/07 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 16:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 16:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 16:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 17:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 17:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/07/06 14:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/03/27 22:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[1999/07/29 18:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini
========== LOP Check ==========
[2013/04/08 05:36:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Sarah\Application Data\.#
[2009/12/05 02:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Azureus
[2013/04/09 22:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\DefaultTab
[2010/04/13 10:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Facebook
[2010/08/29 05:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\GameTuts
[2010/08/29 05:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Mael
[2009/11/08 10:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Moyea
[2009/09/18 00:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\MSNInstaller
[2010/05/23 10:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Orbit
[2013/03/04 05:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\TeraCopy
[2013/04/09 22:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Uniblue
[2011/04/20 00:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\uTorrent
[2011/02/20 23:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\WindSolutions
[2013/04/10 18:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Yontoo
[2013/04/09 22:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2009/12/05 00:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/11/23 06:47:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/04/09 22:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
[2007/12/09 19:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2007/11/26 17:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/20 22:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2013/04/09 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2008/11/01 22:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/04/09 22:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/02/20 23:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/12/26 01:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/04/11 04:33:08 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2013/04/11 04:33:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\dsmonitor.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 512 bytes -> C:\WINDOWS\System32\sapregsv.exe:CA_INOCULATEIT
@Alternate Data Stream - 512 bytes -> C:\oraxp.bat:CA_INOCULATEIT
< End of report >